For airlines, the new hackers to fear are IT

NEW YORK, United States | Security measures put in place at airports and planes after the September 11 attacks drastically reduced the risk of a terrorist breaking into the cockpit. Airlines are now more concerned about potential hacker attacks.

• Read also: US tech giants’ ‘war on terror’ has earned billions

Between the shielding of the pilots’ doors, the sophisticated explosives detection devices, the identification of certain passengers, the prohibition of pointed objects or the control of electronic devices, shoes and liquids in the cabin, “we are safer” in planes today, said the executive director of the International Air Transport Association (Iata), Willie Walsh, in a note Wednesday.

If an individual attempted to take physical control of an aircraft anyway, “the passengers themselves, knowing what happened on September 11, would struggle,” argues Dan Cutrer, a former pilot turned aviation safety expert. for the American Embry-Riddle University.

For him, the new dangers have become invisible, whether it is the coronavirus, which has hit hard all air traffic for nearly two years, or computer attacks.

These are among the “emerging risks” for security to be actively monitored, alongside drones or internal threats, says Willie Walsh.

New doors

As the aviation sector adopts new technologies, develops online services, offers passengers to connect via WiFi, new entry doors open for hackers.

Taking control of an aircraft remotely is unlikely, believe several experts interviewed by AFP: the system used to pilot a device is clearly separate from that managing the screens of the passengers.

And even if these systems were flawed, “they are not an attractive target for most players because of the access and expertise required, as well as the risk of death,” says Katelyn Bailey of the company. FireEye cybersecurity.

The most tangible threat comes perhaps from the system allowing exchanges between pilots and air traffic controllers, which is not encrypted, argues Pablo Hernandez, researcher at the institute specializing in aviation data Innaxis. With the right radio device, it can be quite easy to get into a conversation.

But flight security is the priority in aviation, sensitive equipment is secure, he says.

Attacks on “ground” systems, such as those handling ticket reservations or baggage, have, however, become commonplace, such as when hackers in 2020 accessed the personal data of around 9 million customers of the British company. EasyJet.

The traffic monitoring body Eurocontrol identified 1,260 of them last year, mainly against companies, but also against manufacturers, airports, authorities, etc.

Every week on average, an industry player around the world is now a victim of ransomware, software fraudulently installed by hackers asking for money to unlock the system or not to make stolen data public, the organization adds in a note published in early July.

Money and espionage

The most feared risk is a cyber attack “disrupting operations,” Deneen DeFiore, chief information security officer for United Airlines, told AFP.

“In aviation, there is no downtime,” she recalls: planes take off and land non-stop around the world and any failure can have cascading repercussions.

And between the gradual abandonment of paper tickets, the growing sharing of data with service providers, the growing use of software to better manage planning or fuel consumption, this risk is growing.

The vast majority of hackers appear to be motivated by money, which they can earn by hacking bank data, reselling personal data, or demanding a ransom.

But given the wealth of information available on passengers, from their name to their flight history, some states may also be tempted to conduct espionage operations, notes Katelyn Bailey of FireEye.

The existence, since 2014, of an information sharing and analysis center dedicated to cybersecurity in aviation (Aviation ISAC) is a precious help for companies, according to Deneen DeFiore.

Cyber ​​risks represent, according to her, a new reality that all stakeholders must take into account, from aviation security managers to maintenance teams.


Leave a Comment